Software Testing with Fexingo: QA, Automation, and Reliable Software Engineering

How Security Testing Finds Bugs Before Attackers Do


In this episode of Software Testing with Fexingo, Lucas and Luna dive into the critical role of security testing in modern QA. While many teams focus on functional and performance testing, security testing often takes a back seat until a breach occurs. Lucas explains the key differences between penetration testing and automated vulnerability scanning, using the 2023 MOVEit Transfer vulnerability as a concrete example — a single SQL injection flaw that affected hundreds of organizations and cost billions in remediation. He highlights how integrating security testing into the CI/CD pipeline via dynamic analysis (DAST) and static analysis (SAST) can catch issues early, referencing a 2024 IBM study showing that fixing a vulnerability in production costs 30 times more than during design. Luna questions the practical barriers for small teams, and Lucas outlines a phased approach: start with SAST, add DAST for critical paths, and run periodic red-team exercises. The episode also touches on the importance of security culture through 'security champions' and the rising adoption of bug bounty programs. Listeners will walk away with a concrete roadmap for layering security testing without overwhelming their QA process.

#SecurityTesting #DevSecOps #SAST #DAST #PenetrationTesting #VulnerabilityScanning #MOVEitTransfer #SQLInjection #IBMSecurity #BugBounty #CICDPipeline #RedTeaming #ThreatModeling #OWASP #SoftwareTesting #Technology #FexingoBusiness #BusinessPodcast

Keep every episode free: buymeacoffee.com/fexingo


By Fexingo